Description
This report delves into a malware campaign known as Metamorfo, a banking Trojan that spreads through malspam campaigns. It entices users to click on HTML attachments, initiating a series of activities focused on gathering system metadata. The infection chain involves obfuscation techniques, URL evasion tactics, and the downloading of malicious payloads. The malware establishes connections with remote servers, collects sensitive data, disables security measures, performs registry modifications, and persists on the compromised system. The campaign primarily targets North and South American geolocations, aiming to steal victims' financial information and banking credentials.
Date
| Published | Created | Modified |
|---|---|---|
| May 17, 2024, 3:38 p.m. | May 17, 2024, 3:38 p.m. | May 17, 2024, 4:03 p.m. |
Indicators
zfi8ny6yi30s.website
89.117.37.61
89.116.236.122
51.38.235.152
80.211.249.77
38.54.20.37
216.238.70.224
212.46.38.43
192.46.216.151
185.45.195.226
185.185.87.45
172.105.111.154
158.69.110.217
154.223.16.114
149.100.158.179
139.177.193.74
54.39.10.87
86.38.217.167
Attack Patterns
Metamorfo
TrojanSpy:Win32/Casbaneiro
Metamorfo
T1063
T1578
T1135
T1548
T1113
T1036.005
T1547
T1112
T1562